Lucene search

[email protected]NVD:CVE-2014-8024

HistoryDec 23, 2014 - 2:59 a.m.

CVE-2014-8024

2014-12-2302:59:04

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789.

Affected configurations

Nvd

Node

ciscojabber_guest

VendorProductVersionCPE
ciscojabber_guest*cpe:2.3:a:cisco:jabber_guest:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	jabber_guest	*	cpe:2.3:a:cisco:jabber_guest::::::::

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8024

www.securityfocus.com/bid/71770

www.securitytracker.com/id/1031422

tools.cisco.com/security/center/viewAlert.x?alertId=36870

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

Related for NVD:CVE-2014-8024

prion1 cve1 cisco1 cvelist1